MEC : a system for constructing and analysing transition systems

Arnold, André

doi:10.1007/3-540-52148-8_11

Cited by 34 publications

(24 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section introduces networks of Ltss [25,26], a concurrent model close to Mec [1] and Fc2 [4], which consists of a set of Ltss composed in parallel and synchronizing following general synchronization rules.…”

Section: Network Of Ltssmentioning

confidence: 99%

Partial Order Reductions Using Compositional Confluence Detection

Lang

Mateescu

2009

FM 2009: Formal Methods

View full text Add to dashboard Cite

Abstract. Explicit state methods have proven useful in verifying safetycritical systems containing concurrent processes that run asynchronously and communicate. Such methods consist of inspecting the states and transitions of a graph representation of the system. Their main limitation is state explosion, which happens when the graph is too large to be stored in the available computer memory. Several techniques can be used to palliate state explosion, such as on-the-fly verification, compositional verification, and partial order reductions. In this paper, we propose a new technique of partial order reductions based on compositional confluence detection (Ccd), which can be combined with the techniques mentioned above. Ccd is based upon a generalization of the notion of confluence defined by Milner and exploits the fact that synchronizing transitions that are confluent in the individual processes yield a confluent transition in the system graph. It thus consists of analysing the transitions of the individual process graphs and the synchronization structure to identify such confluent transitions compositionally. Under some additional conditions, the confluent transitions can be given priority over the other transitions, thus enabling graph reductions. We propose two such additional conditions: one ensuring that the generated graph is equivalent to the original system graph modulo branching bisimulation, and one ensuring that the generated graph contains the same deadlock states as the original system graph. We also describe how Ccd-based reductions were implemented in the Cadp toolbox, and present examples and a case study in which adding Ccd improves reductions with respect to compositional verification and other partial order reductions.

show abstract

Section: Network Of Ltssmentioning

confidence: 99%

Partial Order Reductions Using Compositional Confluence Detection

Lang

Mateescu

2009

FM 2009: Formal Methods

View full text Add to dashboard Cite

show abstract

“…Assume that x is a cell, T ime(x) its time, Er(x) its rate and τ 2 , τ 3 the two window parameters. The model checking approaches with MEC [1] and UPPAAL [3] had to assign values to these parameters in order to proceed. Here we only assume all over the proof that τ 2 > τ 3 without any further mention of this hypothesis.…”

Section: The Main Proofmentioning

confidence: 99%

Mechanical Verification of an Ideal Incremental ABR Conformance Algorithm

Rusinowitch

Stratulat

Klay

2000

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. The Available Bit Rate protocol (ABR) for ATM networks is well-adapted to data traffic by providing minimum rate guarantees and low cell loss to the ABR source end system. An ABR conformance algorithm for controlling the source rates through an interface has been defined by ATM Forum and a more efficient version of it has been designed in [13]. We present in this work the first complete mechanical verification of the equivalence between these two algorithms. The proof is involved and has been supported by the PVS theorem-prover. It has required many lemmas, case analysis and induction reasoning for the manipulation of unbounded scheduling lists. Some ABR conformance protocols have been verified in previous works. However these protocols are approximations of the one we consider here. For instance, the algorithms mechanically proved in [10] and [5] consider scheduling lists with only two elements.

show abstract

“…As mentioned in the introduction, it has already proven to be extremely successful in debugging hardware [5, 1 6 , 32, 11, 10, 4 ]. Tool support for model checking includes SMV [31], FDR [19], COSPAN [22], the Concurrency Workbench [12], Mur [17], and Mec [2]. There are more and more documented case studies; for example, the proceedings of the 1995 Workshop of Industrial-Strength Formal Techniques contains four model checking case study papers [20].…”

Section: Related Workmentioning

confidence: 99%

A Case Study in Model Checking Software Systems.

Wing¹,

Vaziri-Farahani²

1996

View full text Add to dashboard Cite

Model checking is a proven successful technology for verifying hardware. It works, however, on only nite state machines, and most software systems have innitely many states. Our approach to applying model checking to software hinges on identifying appropriate abstractions that exploit the nature of both the system, S, and the property, , t o b e v eried. We c heck on an abstracted, but nite, model of S. Following this approach w e v eried three cache coherence protocols used in distributed le systems. These protocols have to satisfy this property: \If a client believes that a cached le is valid then the authorized server believes that the client's copy i s v alid." In our nite model of the system, we need only represent the \beliefs" that a client and a server have about a cached le; we can abstract from the caches, the les' contents, and even the les themselves. Moreover, by successive application of the generalization rule from predicate logic, we need only consider a model with at most two clients, one server, and one le. We used McMillan's SMV model checker; on our most complicated protocol, SMV took less than 1 second to check o v er 43,600 reachable states. Motivation: Theorem Proving and Model CheckingSoftware systems keep growing in size and complexity. Many large, complex software systems must guarantee certain critical functional, real-time, faulttolerant, and performance properties. Proving that such a system satises these kinds of properties can increase our condence that it will operate correctly and reliably. Proofs based on formal, rather than informal, techniques make our reasoning precise; moreover, they are amenable to mechanical aids such a s syntax and semantics checkers. Formal reasoning entails comparing two formal objects, e.g., establishing the correctness of a program with respect to a specication or showing that one concurrent process simulates another. The starting point i s h a ving two formal objects. There are two general approaches to showing the correspondence between these two objects: theorem proving and model checking. We argue that model checking should and will play a larger role in reasoning about software systems than it does today.The traditional approach to formal reasoning about software is program verication where one formal object is the program text and the other is a specication written in some mathematical logic. The formal technique used to show a correspondence between the two objects is based on theorem proving. Over time this approach has been shown to work on increasingly larger and larger programs, especially as the tool support like theorem provers and proof checkers has become more and more sophisticated. Yet, it still has drawbacks:The size of a program we can prove correct is on the order of only a couple thousand lines of code [14].To do such a proof requires highly-skilled people, such as theorem-proving experts, domain experts, or both.The human time to do such a proof is on the order of months or even years; the machine time, on the order of ho...

show abstract

MEC : a system for constructing and analysing transition systems

Cited by 34 publications

References 11 publications

Partial Order Reductions Using Compositional Confluence Detection

Partial Order Reductions Using Compositional Confluence Detection

Mechanical Verification of an Ideal Incremental ABR Conformance Algorithm

A Case Study in Model Checking Software Systems.

Contact Info

Product

Resources

About